Cisco VPN vulnerabilities actively exploited

SecurityWeek reports that Cisco has confirmed that threat actors have been leveraging two security flaws impacting its AnyConnect VPN offering following their addition to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog this week. Cisco's AnyConnect Secure Mobility Client for Windows was affected by the bugs, tracked as CVE-2020-3433 and CVE-2020-3153, which could be exploited to facilitate arbitrary code execution and file copying to arbitrary locations with elevated privileges. Both vulnerabilities have been addressed by Cisco in August 2020, but advisories concerning the flaws have only been recently updated to reflect active exploitation. "In October 2022, the Cisco PSIRT became aware of additional attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability," said Cisco. Attacks using the vulnerabilities have not yet been detailed but the flaws could likely be exploited in a complex, multi-stage attack.